[Koha-bugs] [Bug 25045] Add a way to restrict anonymous access to public routes (OpacPublic behaviour)
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jun 18 23:42:06 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045
--- Comment #32 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
(In reply to Aleisha Amohia from comment #31)
> I have tried to apply but tests fail on my devbox for 19.11.x.
>
> $ prove -v t/db_dependent/api/v1/auth_authenticate_api_request.t
> t/db_dependent/api/v1/auth_authenticate_api_request.t ..
> 1..3
> # Subtest: token-based tests
> 1..10
> [2020-06-19 09:33:05.84026] [12653] [debug] POST "/api/v1/oauth/token"
> (5ef232ce)
> [2020-06-19 09:33:05.84638] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:05.84791] [12653] [debug] Routing to controller
> "Koha::REST::V1::OAuth" and action "token"
> [2020-06-19 09:33:05.86256] [12653] [debug] 200 OK (0.022287s, 44.869/s)
> ok 1 - POST /api/v1/oauth/token
> ok 2 - 200 OK
> ok 3 - exact match for JSON Pointer "/expires_in"
> ok 4 - exact match for JSON Pointer "/token_type"
> ok 5 - has value for JSON Pointer "/access_token"
> [2020-06-19 09:33:05.86597] [12653] [debug] GET "/api/v1/patrons" (01e901a8)
> [2020-06-19 09:33:05.86677] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:05.88419] [12653] [debug] Routing to controller
> "Koha::REST::V1::Patrons" and action "list"
> [2020-06-19 09:33:06.11926] [12653] [debug] 200 OK (0.253264s, 3.948/s)
> ok 6 - GET /api/v1/patrons
> ok 7 - 200 OK
> ok 8 - The 'koha.user' object is defined in the stash
> ok 9 - Stashed koha.user object type is Koha::Patron
> ok 10 - The stashed user is the right one
> ok 1 - token-based tests
> # Subtest: cookie-based tests
> 1..5
> [2020-06-19 09:33:06.29506] [12653] [debug] GET "/api/v1/patrons" (4f027938)
> [2020-06-19 09:33:06.29565] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:06.29736] [12653] [debug] 503 Service Unavailable
> (0.00229s, 436.681/s)
> ok 1 - GET /api/v1/patrons
> not ok 2 - 200 OK
>
> # Failed test '200 OK'
> # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 112.
> # got: '503'
> # expected: '200'
> not ok 3 - The 'koha.user' object is defined in the stash
>
> # Failed test 'The 'koha.user' object is defined in the stash'
> # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 115.
> # Looks like you planned 5 tests but ran 3.
> # Looks like you failed 2 tests of 3 run.
> not ok 2 - cookie-based tests
>
> # Failed test 'cookie-based tests'
> # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 120.
> # Subtest: anonymous requests to public API
> 1..4
> [2020-06-19 09:33:06.54596] [12653] [debug] GET "/api/v1/public/biblios/3"
> (1a0aa1cd)
> [2020-06-19 09:33:06.54737] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:06.54867] [12653] [debug] 503 Service Unavailable
> (0.002694s, 371.195/s)
> ok 1 - GET /api/v1/public/biblios/3
> not ok 2 - Unauthorized anonymous attempt to access a resource
>
> # Failed test 'Unauthorized anonymous attempt to access a resource'
> # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 143.
> # got: '503'
> # expected: '401'
> [2020-06-19 09:33:06.55176] [12653] [debug] GET "/api/v1/public/biblios/3"
> (ece5c188)
> [2020-06-19 09:33:06.55231] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:06.55343] [12653] [debug] 503 Service Unavailable
> (0.001661s, 602.047/s)
> ok 3 - GET /api/v1/public/biblios/3
> not ok 4 - Successfull anonymous access to a resource
>
> # Failed test 'Successfull anonymous access to a resource'
> # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 149.
> # got: '503'
> # expected: '200'
> # Looks like you failed 2 tests of 4.
> not ok 3 - anonymous requests to public API
>
> # Failed test 'anonymous requests to public API'
> # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 153.
> # Looks like you failed 2 tests of 3.
> Dubious, test returned 2 (wstat 512, 0x200)
> Failed 2/3 subtests
>
> Test Summary Report
> -------------------
> t/db_dependent/api/v1/auth_authenticate_api_request.t (Wstat: 512 Tests: 3
> Failed: 2)
> Failed tests: 2-3
> Non-zero exit status: 2
> Files=1, Tests=3, 8 wallclock secs ( 0.02 usr 0.01 sys + 3.77 cusr 1.14
> csys = 4.94 CPU)
> Result: FAIL
>
> Please fix up and I will backport!
I'll do it tomorrow
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list